On Sun, Dec 28, 2003 at 01:47:47AM -0500, David B Harris wrote:
> On Sat, 27 Dec 2003 12:25:45 -0800
> Matt Zimmerman <mdz@debian.org> wrote:
> > > That key is "Debian Archive Automatic Signing Key (2003)
> > > <ftpmaster@debian.org>" which I thought was supposed to be revoked due to
> > > the compromise.
> >
> > That key is also still used to sign stable, stable/non-US and
> > proposed-updates/non-US, though proposed-updates is signed with the new v2
> > key.
>
> I was actually going to ask - what happens to stable users when either a
> release takes longer than a year to get out, or they want to skip a stable
> version and go for the one after?
I don't see the problem...they just need to grab the new key and feed it to
apt-key. The keyring provided by default is just a convenience for the
common case; normally you need to take care of importing the keys yourself.
> Perhaps an archive signing key for each dist, instead of one for each
> year? Several of each should probably be generated, too, and all but the
> live one kept offline in different locations, in case of compromise.
Do I understand that you are suggesting we pre-generate keys for future use,
so that we can include them with the current distribution?
--
- mdz
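The step Matt describes, grabbing the new archive key and feeding it to apt-key, is where a user inherits the compromise risk the thread is about: importing whatever key a mirror hands out is no better than no signature check at all. The following POSIX shell snippet is an added example, not code from the thread or from Debian, showing the check a practitioner would want around that step: compare the key's fingerprint (as read by gpg) against a value obtained out of band before handing the file to apt-key. The key file name, the expected fingerprint, and the function names are assumptions chosen for illustration, not real Debian key data.

```shell
#!/bin/sh
# Added example (not from the original thread): pin a new archive signing
# key to a fingerprint obtained out of band before importing it with apt-key.
# All file names, fingerprints and function names here are placeholders.

# Normalise a fingerprint as printed in announcements ("1234 ABCD ...") or by
# gpg ("1234ABCD...") so the two can be compared byte for byte.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Succeed only when both fingerprints are non-empty and identical after
# normalisation; an empty value means gpg could not read the key at all.
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Read the primary key fingerprint out of a key file without importing it.
# gpg's colon-separated output puts the fingerprint in field 10 of the first
# "fpr" record (the one that follows the "pub" record).
key_fingerprint() {
    gpg --with-colons --import-options show-only --import "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Verify the key file against the expected fingerprint, then import it.
# Refuses (and imports nothing) on any mismatch or unreadable key.
import_archive_key() {
    keyfile="$1"
    expected="$2"
    actual=$(key_fingerprint "$keyfile")
    if ! fpr_matches "$actual" "$expected"; then
        echo "refusing to import $keyfile: fingerprint '$actual' != '$expected'" >&2
        return 1
    fi
    apt-key add "$keyfile"
}

# Usage (placeholder values, assumed for illustration):
#   import_archive_key /tmp/archive-key-2004.asc \
#       "0000 1111 2222 3333 4444 5555 6666 7777 8888 9999"
```

The expected fingerprint should come from a channel that does not depend on the archive itself (a signed announcement, a key printed in a previous release, or a fingerprint read over the phone from a developer), otherwise the check only confirms that the mirror is consistent with itself. On current Debian and Ubuntu systems apt-key is deprecated; the same fingerprint check applies, but the verified key file goes into /etc/apt/trusted.gpg.d/ or is referenced with a Signed-By option instead of apt-key add.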